A critical vulnerability has emerged on over three dozen Lenovo systems that could let hackers bypass fingerprint scanner and gain access to existing Windows credentials. Machines that are affected by the security loophole includes several ThinkPad, ThinkStation, and ThinkCentre systems. Lenovo has acknowledged the flaw and released an update to its Fingerprint Manager Pro as a part of its mitigation strategy.

The latest vulnerability, which the company marked with high severity, exists in the Lenovo Fingerprint Pro utility that is specifically designed for Lenovo ThinkPad, ThinkStation, and ThinkCentre running Windows 7, Windows 8, and Windows 8.1. The scope of the vulnerability is quite wide as hackers could achieve access to Windows login credentials and fingerprint data. Nevertheless, it remains unaffected on systems with Windows 10 as the new operating system uses Microsoft’s built-in fingerprint reader support through Windows Hello.

“Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in,” Lenovo said in a security advisory.